[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian mirrors and MITM

On Fri, May 30, 2014 at 10:43:56PM +1000, Alfie John wrote:
> On Fri, May 30, 2014, at 10:24 PM, Michael Stone wrote:
> > On Fri, May 30, 2014 at 10:15:01PM +1000, Alfie John wrote:
> > >The public Debian mirrors seem like an obvious target for governments to
> > >MITM. I know that the MD5s are also published, but unless you're
> > >verifying them with third parties, what's stopping the MD5s being
> > >compromised too?
> > 
> > The cryptographic signatures that are validated automatically by apt. 
> What's stopping the attacker from serving a compromised apt?

apt will check that the new apt is properly signed.

During instalation there will be a package installed called
debian-archive-keyring, and that is used to verify other things
you download.  So really the question is how you can be sure that
the initial file that you downloaded are authentic and and contain
the real key.

And it depends on what you use as medium to do your installlation.
For instance if you download a CD image, there are also files with
the MD5/SHA1/SHA256.  There is also a signed file there that you
can use to verify that the hashes haven't been modified.  So the
question becomes if you have a trust path to who signed those
files or not, which might not be the case for most people.

Having this on a random website with HTTPS doesn't add anything to
verify that the files you're downloading are the real ones or not,
it doesn't give you an alternative trust path.  That mirror might
not have verified that the files haven't been tampered with, it
might be compromised, it might be doing the attack itself.
Having the mirrors do HTTPS doesn't solve your problem of having
trust in the initial thing you download.

So I basicly see 2 solutions:
- The part that needs to be trusted needs to be downloaded over
  HTTPS from a debian.org host.  I'm not sure cdimage.debian.org
  can offer HTTPS for everything.  But maybe the files with the
  hashes alone can be enough?
- Instead of using PGP to sign something we (also) use X509
  certificates to sign something.  But I don't know how easy it
  would be for people to actually verify that.


Reply to: